83: Icon with Phillip Wylie

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.

Chris: Phillip Wiley, aka The Hacker Maker, is a linchpin in the security community. He is an offensive security guru, educator, speaker, and author. With over 25 years of information technology and cybersecurity expertise, he is the host of the Hacker Factory podcast and just launched his own podcast, The Phillip Wiley Show. He has also spoken at countless conferences including RSA, ATLSECCON, DEFCON, HackSpaceCon, B-Sides, Wild West Hacking Fest and many more.

Chris: Phillip, welcome back to Barcode my friend.

Phillip: Thanks. Great to be back. And it was great to finally meet you in person last year during Black Hat and Defcon.

Chris: It was, man, it was. And I’m hoping to be there again this year, so I hope to see you again and we can catch up.

Phillip: Yeah, hopefully this time we have more time.

Chris: Yeah, definitely. Last year was a rush.

Phillip: Yeah.

Chris: So I want to just extend right off of that intro and stay on the topic of con presentations.

Phillip: Okay.

Chris: A lot of individuals are interested in speaking at conferences, and you’ve been doing it for a while now. Talk to me a little bit about your experience there and how your involvement in presentations started and evolved to where you are today.

Phillip: Sure. Actually, what got me interested in the first place was at one of our local Cybersecurity Meetup groups. There used to be a group called the North American Information Security Group Meetup, and they had a chapter in Dallas. And the two people that ran that group also were the people that ran our local B-sides conference, B-sides DFW. And when they had to call papers, call for papers for B-sides DFW in 2013, I remember one of the coordinators said the best job he had gotten of his career was because he spoke at conferences.

Phillip: And that was something that seemed interesting to me. And when I heard that, like, the next week, I went and signed up for Toastmasters. So I started going to Toastmasters, and Toastmasters helped a lot. So if anyone is scared to speak publicly or want to refine those skills, I highly recommend Toastmasters. It’s one of the cheapest professional development programs you can go through. And it took me from when I started, that was the fall of 2013. So by June of 2015, I gave my first conference talk.

Phillip: A friend of mine and former coworker was hosting this conference for these people in the Nigerian banking industry. So actually they came to us for the conference because security wise, it was easier to keep people secure here opposed to Nigeria. So that was my first attempt and I wanted to speak more, but I really didn’t know what to speak on. So fast forward to 2018. I started teaching ethical hacking and web app pen testing at Dallas College.

Phillip: And so that’s where I kind of found my calling, my mission, because I’d been mentoring people, sharing information with people that want to get started pen testing. And so the thing with the speaking at is I really couldn’t think of a topic that I really wanted to speak about. And then I found the need to speak on the subject of getting started in Pen testing. So I started out with one of my talks that was actually a lecture for my class, the PenTester Blueprint, which became a conference talk and it became a book.

Phillip: And I gave that and got involved with that, really got into speaking. The teaching kind of helped me develop my speaking skills, just speaking as much as I could. I was submitting CFPs to a bunch of different conferences. Did some in person in 2019, not quite as much as I do now, but the pandemic hit and then I had the opportunity to do lots of virtual speaking. So there was times I would be speaking at two conferences the same day virtually, which you can’t do that in real world.

Phillip: And so I just took advantage of that, doing a lot of that, and got the experience. And getting the practice really helped me feel more confident. And the more I do it, the more you do it, you’ll eventually start getting invited to speak at conferences. At first you’re just kind of getting your name out there. Some conference you’ll have to submit a CFP to get accepted, but some cases you’ll get invited. Not everyone’s going to invite people to the conference to speak, but you have to submit a CFP. But that’s kind of how I got started.

Chris: Did you have experience talking in front of large crowds or was this like brand new concept for you?

Phillip: It was a new concept for me because teaching in the classrooms, of course the classes weren’t overly big. I mean, I think most of the time I had maybe 25 students. So just getting comfortable with that, teaching people, it really helped me to explain things in a simpler fashion because not seeing every conference you’re going to go to, people aren’t going to understand it, but just being able to explain it in simple terms that anyone could understand helped me with my conference speaking. And so when I first started teaching, before the Pandemic hit, it was all in person.

Phillip: And so I was giving lectures like twice a week, anywhere from an hour to 2 hours. So I got a lot of practice with it.

Chris: And you mentioned your book earlier, and as an instructor, you really focused on your expertise as a Pen tester. Right, as an ethical hacker. And I know that you’re deeply rooted within that discipline of security, which is often heavily technical at times. What are some effective techniques that you use when you need to communicate these complex concepts to a potentially nontechnical audience? And how do you ensure that they properly understand the aspects of what you’re conveying?

Phillip: Yeah, one of the things I try to do is I use plain language terms for something. If you’re trying to compare security to something like penetration testing, you could use an analogy to football. So you have the offensive team, defensive team. The offensive team is trying to penetrate the goal zone. You’re trying to get in there. So that is the same thing we’re doing as a penetration tester. We’re trying to get in, break into whatever device we’re trying to get into, assess the security of so use using plain language terms and not using and if you’re using acronyms, explain the acronyms, explain the technology.

Phillip: Because sometimes there just really isn’t an easy way to just, there’s not a plain English term for it. You have to kind of explain it. And so some cases make sure you explain the technology and the acronyms. Just kind of assume that people don’t know that in your presentations. Don’t just have the acronym at first. The first couple of times you use the acronym, just like in writing, you show the acronym next to in parentheses what it actually means.

Phillip: So that way people understand. So you want to make that as easy as possible. So take advantage of that in your slides, making sure you explain that as you go along. And just don’t assume that people are going to know anything. Even if you’re talking to others that are in pen testing, there may be some areas you’re familiar with that they’re not.

Chris: One of the most effective ways that I’ve personally found to engage an audience is by incorporating those realistic use cases within a presentation. And for me, I feel as though it helps with that connection between the speaker and the listener. Right. Is that something that you lean on as well? And if so, what have you found to be some best practices for incorporating real world examples into your presentation in order to make it more engaging and relevant to that audience?

Phillip: Sure. One of the things I like to use real world examples of some penetration tests I’ve done before, even some of the few physical tests I’ve done and kind of explain what we did, what the outcome was. And then going back to analogies, one of the things that’s another good way to explain to people too, like open ports is like doors to a house, doors into a building is this you go around checking to see what doors are unlocked where you can get in.

Phillip: So that’s kind of like you’re doing your port scanning, looking for vulnerabilities, you’re looking for a way in. And so that’s kind of one of the analogies that can be used to explain that. I’ve kind of picked that up from someone else and I think it’s a good one.

Chris: What do you feel conference organizers are looking for in a speaker that applies to a conference? And then how can that person best position themselves and differentiate themselves from other applicants?

Phillip: One of the things I’ve seen, and I think most a lot of your conferences, like your B-sides, like wow, as Hacking Fest and some of these other conferences kind of the way they do things sometimes. It’s like they remove any mention of the person out of the paper. So that way, if I’m submitting a talk, if someone that’s never submitted a talk before submits a talk, and Dave Kennedy submits a talk, no one’s going to know unless they read through and figure out some of the stuff that maybe Dave’s given that talk before.

Phillip: But it’s a good thing they remove that out. A lot of these conferences are trying to encourage new speakers. I think it may be trying to think Grim. I think one of their conferences, they actually encourage and dine initiative. They encourage, like, brand new speakers and assign them mentors and help them prepare to speak. So one of the things I’ve seen that’s really important, one of the things I’ve kind of seen for my podcast is try to think of a catchy title, something that’s interesting, someone to grab someone’s attention.

Phillip: It’s just like they’re saying you’re trying to sell someone. You hear a lot of the YouTubers will say that if you don’t get someone’s attention the first three minutes, you’ve lost it. So you just want to make sure try to come up with a good title that really catches people’s attention. Do a good job of describing it, and try to think of ways that would make someone interesting. It’s like sales. You’re trying to sell your talk, so make sure you’re putting things in there to make it more interesting.

Phillip: Even like Defcon has like a whole section on how to submit talks. They show how to submit a good talk. So go through, look into it. Not just go out there and just submit a talk without doing your work homework. Go out and look at some of those resources on how to prepare for a CFP and make sure you cover all the bases. You’re giving enough details, kind of giving some points that are some of the learning points that people will get from that presentation.

Phillip: So do a really good job of describing that. And then, like I said, try to find a good catchy title because I’ve seen some things where you can see some people’s talks compared to and that’s one of the things I try to make things a little more interesting because I’ve seen people with really catchy titles and descriptions, and when you have something just kind of plain and generic, it’s just not as attractive.

Phillip: And when people are reviewing the CFPs, and I’ve done this a few times myself, you get maybe hundreds of CFPs and you’re going through that, and if something catches your eye, you’re more likely to pay attention to it, maybe. Otherwise it may not get the thorough look over that it should.

Chris: Yeah, I love that you have the content. You know, you have the content. Your content is quality, but you want to make sure that that title is quality too. It’s like a new movie comes out right, it’s got to have that catchy title because I’ve seen great movies with terrible titles.

Phillip: Yeah, and another thing to consider, too, is if you’re at the conference, you’re wanting people to come see your talk. That’s another thing to keep in mind because when you look at Sked or Hacker Tracker, they have just a little bit of information until you drill down into it. So if you got a nice catchy title, then you’re more than likely going to get people that are going to come see your talk. If it’s something that’s a really hot topic at the time, include that in your title. If it’s about APIs, make sure you got API somewhere in your title.

Phillip: External Attack, surface Management, or whatever the hot topic of the day. If that’s included in your talk, have that in your title so it doesn’t get overlooked. You want a catchy title, but don’t leave out important topics in their subjects that should be in that title. Because like I said, when people are registering for the talks, you want people to attend your session. And so that’s very important there too.

Chris: Definitely. For the folks that don’t present often, what is your advice for those in terms of outlining a new talk? What should they consider? How should it be structured for them to be able to present it best? Is ChatGPT an option now?

Phillip: I think it’s good for an outline. I’ve used it to come up with some outlines for some other things. I haven’t really used it for a conference talk yet, but I would leverage that. One of the things to consider too, is if you’ve got several topics that you know that go together well, then one of the things you could do is you can find these organizations like Dallas Hackers Association. Some conferences have fire talks, just little ten or 15 minutes talks, develop some good ten or 15 minutes talks that go together, and then put that together an overall presentation.

Phillip: So that way you can give those small presentations, get the feedback on how it’s help, what people are saying, if you need to add more content to it, change things up, kind of revise it as you give it, and just chain together a bunch of different topics. Although it’s got to be relevant. You’re not going to be talking about digital forensics and then talking about application security unless there’s ways to put that together. But you know what I mean, you just got to do that and just create an outline and just think about a topic you want to talk about. And a good way to present it is some of your local meetups, not even just the fire talks, but your local defcon groups, your OWASP chapters and so on.

Phillip: Just create a talk there. Give the presentation there, because one of the things you’ll find each time you give a presentation, someone’s going to ask a question that okay, I need to go a little bit deeper. Someone had a really good question, but I didn’t include this. So add to it. And that’s like a lot of my talks kind of evolve over time. I’ll pick things up. I mean, one of my more recent talks is securing APIs through External Attack Surface management.

Phillip: And during some presentations I did, even though the focus was APIs, I saw the need to include some risky protocol exposures, like RDP, different Microsoft protocols, and SMB protocols that you don’t want to expose externally to your environment. So I found some things to add to it and improve upon it.

Chris: How about the intimidation factor?

Phillip: Impostor syndrome?

Chris: Yeah. So how do you get past that and really just zone in on what you need to deliver? Have you ever experienced that?

Phillip: Lots of times. And it’s interesting how I’ve gotten the right support at the right time in those cases. And I used to run into that with my pen testing class. I’d give a presentation, I’d do a walk through, and I thought, man, this was kind of boring. I hope the students liked it okay, or I hope they got something out of it and then someone would come up, hey, that was a really good lecture. I really learned a lot from that. Thanks.

Phillip: And so one of the things we got to look at when you’re speaking to a crowd, you want to make sure you’re developing that. Talk to the lowest common denominator so like the least experienced person in that room present to them. And what I’ll say, there’s going to be people in your room that are a lot more skilled and experienced than you are. While I was hacking fest, I had Dave Kennedy setting into my talk. So, I mean, that dude knows way more than I do.

Phillip: But the thing is, there’s someone that’s going to be in that room that doesn’t know as much as you do. You’re going to know something about that subject. Typically, we’re going to pick things that we’re subject matter experts on and so make sure that you’re trying to help other people learn. One of the things you have to realize, too, is a lot of people empathize with public speaking, they know it’s not easy and they understand that. And people, most cases, will give you respect. And you usually don’t get much negativity, as we all see from social media sometimes, and Twitter.

Phillip: People can kind of be haters and stuff. You got a little bit of that, but usually at these conferences don’t run into that. People will respect that you’re up there doing that, support that, as well as ask questions and even provide input and stuff. So I think it’s just a matter of getting practice because for me, what helped me with the nerves being nervous when I was going through toastmasters, we recorded our talks on video and the funny thing is, when I first started going through toastmasters, these little five or seven minute talks seem to take a long time.

Phillip: Now I can be doing a presentation 30, 45 minutes or an hour and it seems to fly by. But the thing that helped me the most back to them recording on video our presentations was the fact that I saw myself. I didn’t look nervous. I was worried about my appearance, how I was coming off. And so I would tell people, I said, wow, I didn’t look nervous at all. I said, well I couldn’t tell you’re nervous and most of the time people aren’t going to see that.

Phillip: And that just kind of helped me. I didn’t look bad doing it, so that kind of helped me overcome it. And then just knowing that someone is going to get something out of it.

Chris: We are all our own worst critics, right?

Phillip: Definitely. And one of the things I add to that too, doing that repetition. So most of the stuff I talk about is pen testing topics. When you’ve taught something over and over again, or you’ve spoke about something over and over again, there’s little talking points and stuff that you can use in other talks. I’ve been in panel interviews and podcasts with numerous guests and some of the things I know how to relate that to a specific subject. I mean, something like ransomware comes up.

Phillip: I’m not an expert on ransomware, but I know that it leverages known exploits or even zero days in some cases these vulnerabilities being exploited. So I know that they’re using that. This is ways that you could try to prevent some of those, reduce your risks is I know that you can do pen tests to try to find these vulnerabilities, remediate it. So learning how to relate what you do and what you know to the topic is very helpful. And the more you get asked questions, the more doing AMAs or getting asked questions during these conferences, you get the experience with that and it’s relatable to other things.

Phillip: Before I would be really uncomfortable in a conversation about things that I didn’t have much experience in, but now I’ve learned how to do that just based on my experience. So even topics that you’re not as comfortable with, you become more comfortable with the practice.

Chris: Do you feel like crowd interaction is important when you’re presenting engaging with the audience versus just reading a script straight through? Right. Your style is more interactive, correct?

Phillip: Yes, I like interactive. I mean, there’s times that I’ve been with the virtual stuff during the peak of the pandemic, you didn’t get as much interaction. But I really like the more interactive stuff. People have a comment or people have a question that always makes it more interesting. When I was doing a panel last week at RSA for this Pam vendor, we had someone from the FBI on the panel and Chloe Mistoggy and they wanted it to be interactive. And it was great because people had questions. And one of the things starting out also mentioned when they said, make it interactive, I said, if you have any comments or experience to share, share that. And so the more interactive you make it, the better experience that you have for the people attending. Another thing I like to do too is engage with your audience. So you see people in audience, you’re looking around the room, try to connect, try to make eye contact with people, speak to each person in that room.

Phillip: And what happens is you’ll see people that are getting it enjoying your talk, and you make sure to keep feeding into that because it just makes a better experience from everyone, for everyone. And the people there see that you care that you’re wanting to give them a good experience. And so I think that’s just one of the things I do. There’s people that are a lot better speakers than I am. But that’s one of the things I do, is I like to really try to connect with the audience and make sure that they’re having a good experience and make sure that try to make it lighthearted and try to you have to be careful with jokes sometimes, because even if you go to some other country, they may not get our humor. But some of the things I do is I like to include what you kind of like an icebreaker. I was routinely including a slide on my pen test career where I started out as a pro wrestler and share my bear wrestling picture and get into all that to show my path.

Phillip: Originally, that was to encourage people that wanted to get into pen testing to show them, if I could do this, this is my background. You could do it if you want to do it, but what it’s also become is an icebreaker. People see that bear wrestling picture and they get a good laugh out of it. It kind of eases your audience into you, shows you that I’m your average Joe. I like to have fun. I’m no different than you are.

Phillip: This is my past. And it just seems to make a better experience. People just kind of connect with you better on that level.

Chris: You just had an awesome experience at RSA last week for your Hacker Factory podcast! Where was that? Media Alley? And you got to join three other individuals. Can you talk about that experience?

Phillip: Yeah, that was a good one. The podcast through ITSPmagazine. They’re a media partner for RSA and they were going to be in Broadcast Alley and so they came up and asked if we’re interested in podcasting to block off times. And one of the things I did, one of the things I like to share because I think it’s great for people just getting started out in cybersecurity, it’s a good way to get attention and build their brand. And so I wanted to do a panel type podcast on content creation because Jason haddocks Daniel Measler Nahomsek, they are all creating content and it’s a little bit different. You’ve got Daniel that’s got his newsletter in podcast and it’s interesting because the short format podcasts are starting to become popular, which is his podcast is like 20 minutes, so it fits into that. He’s also doing newsletter and a lot of people nowadays don’t think about podcast or newsletter as content creation, but is it’s probably some of the earlier content creation.

Phillip: And then of course, Jason has done a lot of his presentations on the bug Hunter methodology, give different talks on pen testing and bug hunting. And so he’s a great presenter. A lot of his content has been through live streaming and conference talks. And then you had Nahom SEC that does a lot of streaming and stuff around bug bounty and pen testing. So it was really interesting to get them in to share their experience, because you have these guys that have over 100 something thousand followers on Twitter alone and so just kind of getting their advice on how they did. Things because just be able to build your brand and doing content creation is a good way to get attention because I’m not to the extent those guys are but one of the things all the conference speaking podcasting, being on other people’s podcasts and webinars and stuff that’s helped my brand and makes it a lot easier for me to get jobs there’s people in the industry a lot better than me.

Phillip: But the thing is, I’m out there, people see me and they feel like they kind of know you from seeing you in a video or hearing you on a podcast compared to someone that all they see is a LinkedIn profile. There’s not much personality to that as much as like if you’re interacting on a video or audio or something.

Chris: Yeah, and I saw that pick online and I was like, man, four legends on one stage. I regretted not going to RSA at that moment.

Phillip: Yeah, it was awesome and it was a lot of fun. The interesting thing is I’ve been a lot of panels before, I’ve spoken a lot of conferences around a lot of people. But broadcast alley, there wasn’t a lot of traffic, but it was kind of odd to be in an open space setting on these stools, these high seated stools, and people were walking by, seeing, this is kind of okay, this is kind of interesting, and having a crew there to do the recording and video and stuff. But it was a fun experience. It’s probably one of the highlights of all the RSAs that I’ve attended.

Chris: Yeah, man. Okay, so post conference it’s important to know how to measure the success of your presentation. Understanding what worked, understanding what didn’t work, what metrics should you be looking at and how do you go. About collecting feedback on your presentation are evaluation something that conference organizers will typically provide you.

Phillip: Some of them will like RSA does that as well as some of the Sands conferences, too, some of their virtual conferences and in person conferences they do that, which is good, but most conferences don’t do that. So what I kind of rely on is just kind of seeing the interaction from the crowd, how they respond, because sometimes they’ll stay behind, ask questions, or they’ll want to meet you always on your last slide or someone on your slide deck. Show people how to connect with you, social media, email or whatever.

Phillip: And that’s kind of one of the ways I can kind of gauge because if I do a talk somewhere, people that connect with me on LinkedIn, just the messages and feedback that I get from that is kind of the way I gauge it. And that’s one of the things that helps the imposter syndrome, when you start getting the feedback on something that you may not have thought is so great. And then once you start hearing from people, you just kind of have to realize, okay, if people getting useful information out of this, they’re getting good out of this, then it’s worthwhile.

Chris: Let’s talk about the new podcast, Phillip Wiley show. What inspired you to start this podcast and what topics should listeners expect to hear from you in future episodes?

Phillip: Sure. Actually, I had several of my friends and people that I know that are well known content creators that actually told me that I should do my own thing. I was looking to do it and I was considering using a different name or whatever, and they said, use your own name because what brand are you trying to build? If you’re trying to build a company to sell, then come up with the name, but otherwise use your own name, you’re easy to find. And that’s kind of some of the advice I got from David Bomball when I was on his YouTube show.

Phillip: He mentioned you use your own name. And so I kind of went with that and kind of part of the reason I kind of decided to do my own thing. The other podcast is my format, my show name and all that, but with this, I can publish episodes as quickly as I want to. It could be like a synergistic effect of all the things I do. Before. I used to live stream. That’s kind of hard to do on a weekly basis, but I’ve kind of thought one of the things I’m going to do is I’m going to put in some periodic live streams.

Phillip: On May 19, I’m doing a live stream workshop on jump starting your pen testing career with the Pen Tester Blueprint, and it’s based on the workshop that I gave at HackRedCon or HackSpacecon and DFW SecCon. And so I saw a lot of people getting feedback, asking, Is this going to be virtual and it wasn’t. So I decided to do it streamed. So these are some of the things I’m going to do. Instead of doing things all segmented, I’m just going to kind of do things together like that. And one of the things I’m doing is adding some technical content.

Phillip: I released a couple episodes today just because I used May the Fourth for an excuse. But honestly, it’s kind of like me at Christmas time when I get my wife or daughter Christmas presents. I can’t wait to give it to them. And I had some really good episodes. I wanted to go ahead and release it early. I thought a day early is not going to hurt anything. Get that out there. And for instance, one of the talks is my typical format, someone from the community sharing their path and advice to others.

Phillip: And the other one was more of a technical thing. Kenny Parsons has a project called Pawncube and it’s a purposely vulnerable Kubernetes environment for people to practice pen testing and hacking. So I released that. So I really want to do more of a variety of things. After doing the content creation podcast RSA, I want to get into having more episodes around content creation and personal branding. I got Zach Hill from TCM Academy and TCM Security coming on the podcast to share his tips on personal branding and content creation because it’s something that just really can’t be overlooked by people starting out. And I think it’s a fun topic and not just sticking to the same format. Like I said, I have some more technical episodes. I tend to have some that are maybe a little deeper technical.

Phillip: I had an episode of the other podcast of The Hacker Factory where I had some folks on harmjoy was sharing some security research that they came out with, with the active Directory certificate service vulnerability and they were presented research. So I intend on being like a combination of different things and include some of my different passions because I compete powerlifting, I’m interested in health and fitness. So I’ve even had the idea of one of my former personal trainers has a really good story. He had a near death experience, was really kind of a self centered person, and then he’s got into doing meditation. So he’s become more in touch with himself, he’s become a better person.

Phillip: It’s changed his life and he’s helping others. And so mental health is important in cybersecurity. So I thought having him on to share about how meditation can help manage your mental health. So one of the things I’ve made mistakes on before past or I guess really not too much a mistake when I branded things, the main focus was offensive security. And so with like The Hacker Factory, I got to where I’d have guests on from other areas of cybersecurity. So I thought, I’m not really going to focus in too much I’m going to have it open and offer other topics. If people like those other things, I’ll continue to have that and we’ll try different things and not just be the same type of format all the time.

Chris: So Hacker factory is not ending.

Phillip: No.

Chris: Okay.

Phillip: And actually, Kenny Parsons, that was just on with the Ponecube episode, he’s got an episode of The Hacker Factory coming out pretty soon. And one of the things about the mission of this, too, is one of my things before I ever got into mentoring and the teaching and the speaking, one of the things I always did was share resources with people. And another thing I like to do is I like to introduce people.

Phillip: I’ve got really cool friends I know, really cool people that I think it would benefit others to know them. I always like to introduce people. So this show is just like basically it’s a good title, The Phillip Wiley Show, because the things I’m about are mentoring, educating, introducing people to my friends, people I know, people they can learn from. So that’s just really what it is, sharing those resources. Just a way to share on multiple topics because some people in cybersecurity may not have some good resources on mental health or physical health and share that some resources I come along that’s helpful and share with them. So that’s just pretty much the main overall arching theme, is sharing.

Chris: I will say that your content is consistently high octane, man. It’s always cutting edge. It’s always captivating. I love how you deliver it.

Phillip: Thank you. I appreciate the support.

Chris: For sure, man. I encourage everyone to check it out, too. So tell us where we can find you and connect with you online and then also find the new podcast.

Phillip: Sure. You can find me on Twitter, Phillip Wiley, and it’s just Phillip Wiley and also on LinkedIn as well as if you go to thehackermaker.com you’ll find information for my podcast and some of the conference talks I’ve done. I share presentations up there. There’s links to the podcast.

Chris: And you have a YouTube channel, too, correct?

Phillip: Yes. And it’s at Phillip Wiley, just like the Twitter account.

Chris: Okay. Yeah. You’re not hard to find.

Phillip: So my new podcast is going to be you can see the video versions of it on YouTube and Spotify and then audio versions and all the popular podcast platforms.

Chris: Nice. I know you’re home based in Dallas, Texas, right? So out of all the conferences you’ve been to, the many cities across the globe that you’ve traveled to, where’s the best bar or restaurant that you’ve ever found yourself in after a talk?

Phillip: I will tell you the best bar, because it was very cool. I went there, but I didn’t drink. This was when I was a Bug Crowd ambassador. Chloe Mistaggy and Jason Haddocks was in Austin for besides Austin, jason and I were on a panel for Bug Crowd along with Jason Street. We needed another person. So that was a fun panel to be on a panel with Jason Street, and Jason haddocks so instead of Between Two Ferns, it was between two Jasons.

Phillip: But the coolest bar there, and it’s just the atmosphere was called the Roosevelt Room in Austin.

Chris: Okay

Phillip: It’s a speakeasy. And then you get in there, there is this elaborate story and set up on all these drinks. So they had this one drink that came out. It looked like this big, nice crystal ashtray, and it looked like a cigar, but it wasn’t a cigar. It was like sage or something rolled up to look like a cigar with this I think it was like an old Fashioned. And there’s just all these details and effort that goes into these drinks and the presentation.

Phillip: I’m no longer a drinker, but I was really impressed. I mean, just even though I wasn’t drinking, just seeing the setup and the wait staff was very versed on the drinks and explaining it and all that. So it was a really cool atmosphere, kind of a dark speakeasy type place. Just really cool bar. I recommend if you go to Austin, that’s one place I highly recommend. And what’s cool about it, too, is Texas is mostly a conservative state.

Phillip: It’s mostly a red state. But the cool thing is, you get into Austin, you would never guess that because you get there. There’s. The University of Texas. There. You’ve also got, like, a really good arts and music scene there. That’s where south by southwest is. South by southwest. Not only music, but also movies and stuff that come out. So it’s a really pretty cool scene. It’s interesting because some of my former Israeli coworkers from Psychognito, out of all the places they had visited in the US.

Phillip: Austin was their favorite place.

Chris: And you’re traveling to Tel Aviv soon, so we’ll have to sync up when you get back.

Phillip: Fortunately, I got to go there last year, I was at Cycognito. And speaking of bars, one of the most interesting name bars was there because the CTO from Cycognito is his favorite place to go. Favorite bar is right down the street, and the name of it was the Dancing Camel.

Chris: So do they have a mechanical camel inside?

Phillip: No, they didn’t. They it’s kind of a missed opportunity.

Chris: Yeah, because in Texas, you got the mechanical bull in almost every bar you walk into.

Phillip: And actually, speaking of that, at LastCon in Austin, it’s an OAS conference. It stands for lone Star Application Security Conference. They have a mechanical bull at the conference. So does Wild West Hacking Fest, too.

Chris: Oh, they got to. Yeah, they got to. Well, Phillip, thanks again, my friend, man. It’s always a pleasure, and I will hopefully see you at the next Con.

Phillip: Yeah, well, thanks for having me, and always a pleasure talking, and hopefully we meet up next time we will have more time than we did at the Black Hat, but we’ll definitely have to put it on the schedules.

Chris: Yeah, man, for sure.

Phillip: Maybe we should have a BarCode and Phillip Wiley show meet up.

Chris: That would be pretty legit. Alright, take care man. Be safe.

Phillip: You too. Thanks